From owner-freebsd-security  Thu Jan  6  2:12:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bg.sics.se (bg.sics.se [193.10.66.124])
	by hub.freebsd.org (Postfix) with ESMTP id 88AEC15078
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Jan 2000 02:12:37 -0800 (PST)
	(envelope-from bg@bg.sics.se)
Received: (from bg@localhost)
	by bg.sics.se (8.9.3/8.9.3) id LAA03511;
	Thu, 6 Jan 2000 11:12:21 +0100 (CET)
	(envelope-from bg)
To: Sven Brandenburg <S.Brandenburg@tu-bs.de>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: kerberos and Y2K ?
References: <387380C0.41E4AE34@tu-bs.de>
From: Bjoern Groenvall <bg@sics.se>
Date: 06 Jan 2000 11:12:20 +0100
In-Reply-To: Sven Brandenburg's message of Wed, 05 Jan 2000 17:34:56 +0000
Message-ID: <wuu2krqzjv.fsf@bg.sics.se>
Lines: 48
X-Mailer: Red Gnus v0.52/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sven Brandenburg <S.Brandenburg@tu-bs.de> writes:

> Hello,
> 
> sorry if this is the wrong place for this question,
> but has anybody seen any Y2k problems with kerberos (eBones) ?
> 
> Yesterday I tried to create a new kerberos database.
> All went smoothly the way it`s documented in the handbook.
> Except for one thing:
> 
> $ kinit sven
> eBones International (algieba.leonis.supercluster.net)
> Kerberos Initialization for "sven"
> Password: 
> kinit: Principal expired (kerberos)
> 
> The database was created setting all expiry dates to 2001-01-01
> instead of the default 2000-01-01.
> Once the system clock is switched back to 1999 kinit is able 
> to obtain a valid ticket.
> 
> Any comments?

There used to be a real stupid default value for the expiration date
in kdb_init.c that was not fixed until 19980609. I don't know exactly
what your sources look like but here is a possible fix:

-    principal.exp_date = 946702799;    /* Happy new century */
-    strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ);
     principal.mod_date = time(0);
+    *principal.mod_date_txt = '\0';
+    principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 60;
+    *principal.exp_date_txt = '\0';

You may also use more recent sources from ftp.pdc.kth.se:pub/krb/src.

Cheers,
Björn


-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message